Lucene search
K

7 matches found

OSV
OSV
added 2026/03/27 5:21 p.m.4 views

GHSA-453R-G2PG-CXXQ Local Incus UI web server vulnerable to nuthentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

8.8CVSS6AI score0.00347EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:40 p.m.2 views

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3CVSS5.8AI score0.00273EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/15 1:14 p.m.12 views

CVE-2026-22644

Technical details (affected products, components, versions, root cause, exploit status) are not publicly provided in the connected documents. Monitor updates from Red Hat, CIRCL, NVD and others for confirmed remediation and impact.

7.5CVSS6.7AI score0.00478EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/01/15 1:14 p.m.8 views

EUVD-2026-2798

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

5.3CVSS6.6AI score0.00478EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/01/15 1:14 p.m.5 views

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

5.3CVSS6.7AI score0.00478EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/13 6:31 p.m.4 views

EUVD-2025-175341

Mattermost Mobile Apps versions =2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...

6.1CVSS6.3AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2022/04/12 5:15 p.m.3 views

CVE-2022-27671

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability...

6.5CVSS7.3AI score0.01241EPSS
Exploits0References2
Rows per page
Query Builder